Allow users to specify which endpoints are allowed for anonymous requests. This allows the admin to only allow access to health endpoints like healthz,livez and readyz anonymously while making sure other cluster endpoints or resources cannot be access anonymously even if a user misconfigures RBAC.
One-line enhancement description (can be used as a release note): Only allow anonymous auth for health endpoints.
Enhancement Description
Allow users to specify which endpoints are allowed for anonymous requests. This allows the admin to only allow access to health endpoints like
healthz
,livez
andreadyz
anonymously while making sure other cluster endpoints or resources cannot be access anonymously even if a user misconfigures RBAC.One-line enhancement description (can be used as a release note): Only allow anonymous auth for health endpoints.
Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/pull/4634
Discussion Link: https://docs.google.com/document/d/1woLGRoONE3EBVx-wTb4pvp4CI7tmLZ6lS26VTbosLKM/edit#bookmark=id.ehlt47tezzsk
Primary contact (assignee): @vinayakankugoyal
Responsible SIGs: sig-auth
Enhancement target (which target equals to which milestone):
[x] Alpha
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update PR(s):[ ] Beta
k/enhancements
) update PR(s): https://github.com/kubernetes/enhancements/pull/4798k/k
) update PR(s):k/website
) update(s):